CVE 9.1 CRITICAL

Titra has Remote Code Execution in Admin Functionality_CVE-2025-69288

December 31, 2025 invoker category_cve

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Description

Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a NodeVM value to execute as code. Without sanitization, it leads to a Remote Code Execution. Version 0.99.49 fixes the issue.

AI Analysis

Remote Code Execution in Admin Functionality due to unsanitized input

Basic Information

ID CVE-2025-69288

Source GitHub_M

Published Dec 31, 2025 at 21:55

Affected Product

Vendor kromitgmbh

Product titra

Version < 0.99.49

Affected Versions kromitgmbh titra < 0.99.49

CWE Classification

CWE-20

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor kromitgmbh

Product Titra

Version < 0.99.49

References

{
    "lastseen": "",
    "description": "Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a NodeVM value to execute as code. Without sanitization, it leads to a Remote Code Execution. Version 0.99.49 fixes the issue.",
    "published": "2025-12-31T21:55:44.667Z",
    "modified": "2025-12-31T21:55:44.667Z",
    "type": "cve",
    "title": "Titra has Remote Code Execution in Admin Functionality",
    "source": "GitHub_M",
    "references": "https://github.com/kromitgmbh/titra/security/advisories/GHSA-pqgx-6wg3-gmvr\nhttps://github.com/kromitgmbh/titra/commit/2e2ac5cbeed47a76720b21c7fde0214a242e065e\nhttps://github.com/kromitgmbh/titra/releases/tag/0.99.49",
    "id": "CVE-2025-69288",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "kromitgmbh titra < 0.99.49",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "titra",
    "version": "< 0.99.49",
    "vendor": "kromitgmbh",
    "ai_description": "Remote Code Execution in Admin Functionality due to unsanitized input",
    "ai_severity": "Critical",
    "ai_vendor": "kromitgmbh",
    "ai_product": "Titra",
    "ai_version": "< 0.99.49",
    "ai_score": 9.1
}

💭 Join the Security Discussion ❌ Cancel Reply